Message-ID: <467DAE96.9070007@s0ftpj.org>
Date: Sun, 24 Jun 2007 01:36:54 +0200
From: "KJK::Hyperion" <hackbunny@...tpj.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: "run as" local denial-of-service enables administrative account processes to be killed

Eitan Caspi wrote:
> I'm confused.

It escapes me, really. There is no excuse not to know exactly when, why
and how anything happens on a Windows machine, not with the excellent,
affordable tracing tools we have at our disposal in this time and age. I
loathe the term "security researchers" - it conjures mental images of
Dutch naturalists in colonial pith helmets marvelling at the sight of
some exotic kind of blue orchid under their oversize magnifying lens,
deep in a tropical jungle - but I have to say both the term and the
image fit your kind like a glove. Get up close and personal with Process
Explorer and Process Monitor (it records the *stack backtrace* for every
operation! that's the IT security equivalent of downloading and
installing Christmas and getting to run it every day) and never
publicly embarrass yourself thus again. The most disheartening aspect
of the current generation of security research is how an army of
basement dwellers suddenly turned into a kind of paranoid, power-hungry
freaks who, at the war cry of "EVERY CRASH IS A VULNERABILITY", toil
away day and night to get the respect, the cred, the Russian spam botnet
they so long for.

In fact, I hate the whole attitude of treating technical issues like
security issues, with the lack of subtlety, politeness, humility and
plain SENSE that seems to go with that. So one day ЗАРАЗА finds a
regression in Microsoft's C runtime, potentially leading to crashes in
all applications compiled with it; security-minded as he is, he promptly
reports it to security@...rosoft.com, making a godawful job of it,
describing the kind of awkward contorted terror scenario only a security
researcher could be capable of conceiving (oooh! I know! I know! let's
ship the whole IT security circus to Guantanamo bay!), and,
characteristically, proposing ass-backwards solutions (even my good pals
and ex-ReactOS-ites Alex Ionescu and Skywing, otherwise veritable
metahumans capable of mentally indexing unimaginable amounts of
technical information, bleed IQ points by the dozen when presented with
the challenge of writing a "Workarounds" section); technically-minded as
I am, I register on <URL: http://connect.microsoft.com/ >, report the
issue as a bug, making a purely technical case of it, and the issue is
acknowledged in a matter of two days and a fix scheduled for Visual
Studio 2005 SP1 (KB927580 seems to be related, too: <URL:
http://support.microsoft.com/kb/927580/en-us >). No fuss, no drama, no
veiled threatening, no blackmail. security@...rosoft.com is just too
overloaded - please TRY and discuss the matter with your friendly
neighborhood Windows expert first. It might even turn out - what a
concept! - that you were wrong all along (sorry! you must be _this_
reputable to ride this botnet/azn waifu/wiggermobile!)

As I see it, Microsoft has made an earnest attempt to get as close as
allowed by corporate policy (and common dignity) to your crazy, wacky
world of drama bombz (see: Harry Potter hoax, last year's furry porn
flood, etc.) and reputation warz (see: n3td3v, Gobbles, etc.) and
powerwordz (see: the PsyOps counter-hoax, Gadi Evron's Garden of Eden
complex of asserting ownership through christening, etc.) and make it
all somehow work, the least you could do is lose some of that fucking
sense of _entitlement_.

To get back to the matter at hand, might I hazard the suggestion that
maybe, probably, you granted the Debug privilege to the Users group?
(what's the output of "whoami /priv" in the run-as command prompt?)
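
The check suggested in the message above, as an added example that is not part of the original post: this PowerShell sketch reads `whoami /priv` for the current token and then exports the local user-rights assignments to see which principals hold SeDebugPrivilege. The list of "broad" SIDs, the function names and the temporary file name are assumptions made for the example; the `secedit` export needs an elevated prompt.

```powershell
# Added example, not from the original post.
# Well-known SIDs treated here as "too broad" to hold SeDebugPrivilege (assumption).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-TokenPrivilege {
    # Privileges in the current token; /nh drops the (localized) header row.
    whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State
}

function Get-DebugPrivilegeHolder {
    # Export the local user-rights assignments and return the entries
    # listed for SeDebugPrivilege (SIDs are written as *S-1-...).
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content $cfg |
            Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' } |
            Select-Object -First 1
        if (-not $line) { return @() }
        ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

# 1. Is the privilege in this logon's token at all (enabled or not)?
$debug = Get-TokenPrivilege | Where-Object Name -eq 'SeDebugPrivilege'
if ($debug) { "Current token: SeDebugPrivilege present ($($debug.State))" }
else        { 'Current token: SeDebugPrivilege absent' }

# 2. Who is assigned the privilege by local policy?
foreach ($entry in Get-DebugPrivilegeHolder) {
    if ($BroadSids.ContainsKey($entry)) {
        "WARNING: SeDebugPrivilege assigned to $($BroadSids[$entry]) ($entry)"
    } else {
        "SeDebugPrivilege assigned to $entry"
    }
}
```

Run it once from the run-as command prompt and once from the ordinary user's session to compare the two tokens.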